---
# OnecloudCluster CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    helm.sh/hook: pre-install
  creationTimestamp: null
  name: onecloudclusters.onecloud.yunion.io
spec:
  conversion:
    strategy: None
  group: onecloud.yunion.io
  names:
    kind: OnecloudCluster
    listKind: OnecloudClusterList
    plural: onecloudclusters
    shortNames:
    - onecloud
    - oc
    singular: onecloudcluster
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The image for keystone service
      jsonPath: .spec.keystone.image
      name: keystone
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            x-kubernetes-preserve-unknown-fields: true
          status:
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
---
# onecloud cluster
apiVersion: "onecloud.yunion.io/v1alpha1"
kind: OnecloudCluster
metadata:
  name: default
  namespace: {{ namespace }}
  annotations:
    onecloud.yunion.io/edition: "{{ edition }}"
spec:
  mysql:
    host: "{{ db_host }}"
    port: {{ db_port }}
    username: "{{ db_user }}"
    password: "{{ db_password }}"
{% if ch_password is defined and ch_password|length > 0 %}
  clickhouse:
    host: "{{ node_ip }}"
    password: "{{ ch_password }}"
    port: {{ ch_port }}
    username: default
{% endif %}
  region: "{{ region }}"
  zone: "{{ zone }}"
  imageRepository: "{{ image_repository }}"
  version: "{{ onecloud_version }}"
{% if use_hyper_image %}
  useHyperImage: true
{% endif %}
  loadBalancerEndpoint: "{{ api_endpoint }}"
{% if disable_resource_management %}
  disableResourceManagement: true
{% else %}
  disableResourceManagement: false
{% endif %}
  productVersion: {{ product_version }}
{% if enable_minio %}
  minio:
    enable: true
  glance:
    switchToS3: true
{% endif %}
{% if ip_type == 'ipv6' %}
  ipv6Cluster: true
{% endif %}
  onecloudServiceOperator:
    disable: true
---
# operator related resources
apiVersion: v1
kind: Namespace
metadata:
  name: {{ namespace }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: onecloud-operator
subjects:
- kind: ServiceAccount
  name: onecloud-operator
  namespace: {{ namespace }}
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: onecloud-operator
  namespace: {{ namespace }}
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: onecloud-operator-critical
value: 1000000000
globalDefault: false
description: "This priority class should be used for onecloud operator service pods only."
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: onecloud-operator
  namespace: {{ namespace }}
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
  labels:
    k8s-app: onecloud-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: onecloud-operator
  template:
    metadata:
      labels:
        k8s-app: onecloud-operator
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 50
            preference:
              matchExpressions:
              - key: onecloud.yunion.io/controller
                operator: In
                values:
                - enable
      serviceAccount: onecloud-operator
      priorityClassName: onecloud-operator-critical
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      - key: node-role.kubernetes.io/controlplane
        effect: NoSchedule
      containers:
      - name: onecloud-operator
        image: {{ image_repository }}/onecloud-operator:{{ onecloud_version }}
        imagePullPolicy: IfNotPresent
        command:
        - "/bin/onecloud-controller-manager"
        - "-disable-init-crd"
        - "-sync-user"
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
---
